oss-sec mailing list archives

CVE-2015-0841: off-by-one error in network code of monopd/libcapsinetwork


From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 23 Mar 2015 20:32:43 +0100

Niko Tyni privately reported this to us, but we don't think it is
exploitable with dlmalloc, so we skipped the embargo:

| There's an off-by-one error in libcapsinetwork network handling code,
| which was merged into monopd in version 0.9.4.
| 
| From src/listener.cpp, Listener::checkActivity():
| 
|   #define MAXLINE 1024
| [...]
|   char *readBuf = new char[MAXLINE];
|   int n = read((*it)->fd(), readBuf, MAXLINE);
|   if (n <= 0) // socket was closed
|   {
|           (*it)->setStatus(Socket::Closed);
|           delete[] readBuf;
|           return; // notification is (still) in earlier iteration
|   }
|   readBuf[n] = 0;
| 
| With an input line longer than 1023, this will write zero at readBuf[1024]
| which is out of bounds.

<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043>
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781044>
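The pattern described in the report, as an added example that is not monopd or libcapsinetwork code: the same read()-then-terminate sequence from Listener::checkActivity() next to a fixed version, driven by a pipe instead of a socket. The function names (run_vulnerable, run_fixed, pipe_with_line), the CANARY value and the constructed 'A'-filled input are assumptions made here for the demonstration. run_vulnerable() allocates one extra byte past the MAXLINE buffer and plants a canary there so the off-by-one can be observed without undefined behaviour; a real allocation has no such slack of its own, and the stray zero lands in whatever follows the chunk.

```c
/* Added example, not monopd/libcapsinetwork code: models the read()+NUL-terminate
 * pattern from Listener::checkActivity() (MAXLINE buffer, read(MAXLINE), readBuf[n]=0)
 * and its fix. Names, CANARY and the pipe-fed input are assumptions for the demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAXLINE 1024
#define CANARY  0xAA   /* assumed marker standing in for whatever follows the buffer */

/* Constructed input: a pipe whose read end yields `len` bytes of 'A' with no
 * newline, i.e. a line longer than the buffer whenever len >= MAXLINE.
 * Returns the read end, or -1 on failure. */
static int pipe_with_line(size_t len)
{
    int fds[2];
    char *payload = malloc(len);
    if (payload == NULL || pipe(fds) != 0) {
        free(payload);
        return -1;
    }
    memset(payload, 'A', len);
    for (size_t off = 0; off < len; ) {   /* len stays well below the pipe capacity */
        ssize_t w = write(fds[1], payload + off, len - off);
        if (w <= 0)
            break;
        off += (size_t)w;
    }
    close(fds[1]);
    free(payload);
    return fds[0];
}

/* Vulnerable pattern: read up to MAXLINE bytes, then store the terminator at
 * readBuf[n]. A peer that sends MAXLINE or more bytes makes n == MAXLINE, so the
 * store hits index MAXLINE, one past a MAXLINE-byte allocation. The buffer here is
 * MAXLINE + 1 bytes with a canary in the last slot so the overwrite is observable.
 * Returns the canary's value after the terminator store (0 means it was clobbered),
 * or -1 if read() reported EOF or an error. */
static int run_vulnerable(int fd)
{
    char *readBuf = malloc(MAXLINE + 1);
    if (readBuf == NULL)
        return -1;
    readBuf[MAXLINE] = (char)CANARY;
    int n = (int)read(fd, readBuf, MAXLINE);   /* as in the report: may return MAXLINE */
    close(fd);
    if (n <= 0) {                               /* socket closed / error path */
        free(readBuf);
        return -1;
    }
    readBuf[n] = 0;                             /* n == MAXLINE -> writes readBuf[1024] */
    int canary = (unsigned char)readBuf[MAXLINE];
    free(readBuf);
    return canary;
}

/* Fixed pattern: reserve the last byte for the terminator by asking read() for at
 * most MAXLINE - 1 bytes, so n <= MAXLINE - 1 and readBuf[n] is always in bounds.
 * Same canary slot and return convention as run_vulnerable() for comparison. */
static int run_fixed(int fd)
{
    char *readBuf = malloc(MAXLINE + 1);
    if (readBuf == NULL)
        return -1;
    readBuf[MAXLINE] = (char)CANARY;
    int n = (int)read(fd, readBuf, MAXLINE - 1);   /* leaves room for the NUL */
    close(fd);
    if (n <= 0) {
        free(readBuf);
        return -1;
    }
    readBuf[n] = 0;                             /* n <= 1023: inside the buffer */
    int canary = (unsigned char)readBuf[MAXLINE];
    free(readBuf);
    return canary;
}

int main(void)
{
    printf("vulnerable, 1500-byte line: canary = 0x%02x\n", run_vulnerable(pipe_with_line(1500)));
    printf("vulnerable,  100-byte line: canary = 0x%02x\n", run_vulnerable(pipe_with_line(100)));
    printf("fixed,      1500-byte line: canary = 0x%02x\n", run_fixed(pipe_with_line(1500)));
    return 0;
}
```

A line of exactly MAXLINE bytes is enough to trigger the overwrite; no newline is needed, since read() is byte-oriented and returns as soon as MAXLINE bytes are available. The dlmalloc remark above is the practical caveat: a 1024-byte request in a dlmalloc-style allocator (glibc's ptmalloc included) returns a chunk whose usable size is a few bytes larger than 1024, so the stray zero at index 1024 lands in allocator slack rather than in the next object's data. A different allocator, or a MAXLINE that does not round up, would not be so forgiving, which is why the fix (read MAXLINE - 1, or allocate MAXLINE + 1) is still required.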
